Here's a weird one. I have a parent-child domain structure. Parent has 3 DCs (all Win 2008 R2); child has 6 DCs (all Win2008 R2). Now we are updating the AD to Win2012 R2.
Last week I added 3 Win2012 R2 DCs to the parent domain; went fine. No replication errors; no dcdiag errors. So now I have 3 Win2008 R2 DCs, and 3 Win2012 R2 DCs (eventually we will retire the 2008 DCs, and upgrade the FFL/DFL to Win 2012 R2).
This weekend I added 3 Win2012 R2 DCs to the child domain, planning on doing the same. And now I am seeing errors in dcdiag, in the parent domain.
From the parent domain, I run "dcdiag /c /e /v". On the Win 2008 R2 DCs in the parent, 1 of the child Win 2012 R2 DCs just does not show up in the DNS delegation list; it's just not there (in the DNS tests; it does show in all the other tests). On the 3 Win2012 R2 DCs in the parent, they all show "IP:<unavailable> [missing glue A record]". At least they are listing that child DC as a DNS server in the delegated child domain; the Win2008 R2 DCs don't even show it at all.
More weirdness: a "dnslint /ad" shows me glue records for that (partially) missing DC (aka CHILD-DC4). The other dcdiag tests (advertising, CheckSecurityError, etc.) all show CHILD-DC4, and all other tests pass. It's just that DNS test that is failing.
So: how can the 3 old DCs not even know there is a missing server in those DNS tests? And how can the new servers know that there should be a record for it, but not find it, if dnslint *does* find it?
No replication errors (using "repadmin /showrepl" and "repadmin /replsummary"); CHILD-DC4 shows up in the replication on all parent DCs, old and new. CHILD-DC4 does show up as an NS record in the child domain entry on the parent DCs (old and new), and does show up in the properties of the child domain as a name server.
I'm sort of stumped. Thoughts?
